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Detailed Action 

1. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
09/18/2006 has been entered. 

Claims 1, 2, 4, 6, 9, 12, 14, 15, 17, 19, 22, 25, 27, 28, 30, 32, 35, 38, 40, 46, 47, 
52, 57, 60, 62, 65, 67 and 70 have been amended. Claims 1-71 are pending. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351(a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if the international application 
designated the United States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-2, 14-15 and 27-28 are rejected under 35 U.S.C. 102(a) as being 
anticipated by or, in the alternative, under 35 U.S.C. 103(a) as obvious over 
Jacobson et al. (US 6,044,402), hereinafter "Jacobson". 
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4. As to claim 1, Jacobson teaches a method for controlling subscriber access in a 
network capable of establishing connections with a plurality of domain sites, comprising: 

receiving, at an access server coupled to a first communication network and a 
second communication network, a communication from a subscriber on said first 
communication network (i.e., receiving, at a gateway server 106 coupled to a first 
subnet 102-1 and a second subnet 102-2, a communication packet 114 transmitted 
between the protected hosts 104-1 within the subnet 102-1 and the remote hosts 104-2 
within the subnet 102-2), said communication optionally including a domain site 
identifier associated with a domain site on said second communication network (each 
communication packet 114 includes a destination physical address 154, wherein the 
destination physical address 154 is the physical address of a single device/terminal or 
the physical address of the gateway of a subnet hence, one having ordinary skill in the 
art would appreciate that the destination physical address 154 can be implemented as a 
domain site identifier associated with a domain site on said second communication 
network) (Jacobson, Fig. 1, col. 3, lines 8-56 and col. 12, lines 33-59); and 

authorizing subscriber access to said domain site on said second communication 
network upon determining, in response to said receiving, that said domain site identifier 
is included in a list of authorized domain sites associated with a virtual circuit through 
which said communication is received (the blocking controller determines whether the 
destination address 154 of the communication packet 114 in the connection information 
set, which is the network address of the destination, is in the network access list; if it is, 
then the connection is to be allowed) (Jacobson, col. 18, lines 42-53). 



Application/Control Number: 09/712,005 
Art Unit: 2141 



Page 4 



5. As to claim 2, Jacobson teaches the method of claim 1, further comprising 
terminating said communication when said domain site identifier is not included in said 
list (if the destination physical address 154 is not in the network address access list, 
then the connection is to be blocked) (Jacobson, col. 18, lines 42-53). 

6. Claims 14-1 5 are corresponding program storage device claims of method claims 
1-2; therefore, they are rejected under the same rationale. 

7. Claims 27-28 are corresponding apparatus claims of method claims 1-2; 
therefore, they are rejected under the same rationale. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

9. Claims 3-5, 9-11, 16-18, 22-24, 29-31, 35-37, 40 and 42-51 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Jacobson, in view of Loehndorf, Jr. et 
al. (US 6,094,437), hereinafter "Loehndorf". 
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10. As to claims 3-4, Jacobson teaches the method of claim 1, but does not 
explicitly teach said communication comprises a Point-to-Point Protocol (PPP) session, 
which in turn comprises a tunneling session and said PPP session is forwarded onto a 
tunnel associated with an assigned tunnel ID when said subscriber is authorized to 
access said domain site. 

In an analogous art, Loehndorf teaches that the Point-to-Point Protocol (PPP) 
has been standardized by the Internet Engineering Task Force (IETF) to be used to 
allow Internet Protocol (IP) and other protocols (such as IPX, XNS, AppleTalk, etc.) to 
be sent over non-IP mediums such as the Public Switched Telephone Network (PSTN), 
ATM, Frame Relay, SONET, etc. in Internet communications. Loehndorf also teaches 
the IETF developed the L2TP (Layer Two Tunneling Protocol) to allow the PPP session 
to be tunneled over the Internet by establishing the tunnel using a tunnel ID (i.e., 
forwarding PPP session onto a tunnel associated with an assigned funnel ID) 
(Loehndorf, col. 1 , line 43 - col. 3, line 25 and col. 1 1 , lines 36-67). 

Therefore, it would have been obvious to one having ordinary skills in the Data 
Processing Art at the time the invention was made to combine the teachings of 
Jacobson and Loehndorf, since both references are directed to computer-to-computer 
session/connection establishing and managing, hence, would be considered to be 
analogous based on their related fields of endeavor. One would be motivated to do so 
for various purposes such as information hiding, adding needed functionality, or 
improving functionality by using the tunneling technology to enable one network to 
securely send its data via other networks' connections (Loehndorf, col. 1, lines 33-54). 
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11. As to claim 5, Jacobson-Loehndorf teaches the method of claim 4, wherein 
said tunnel session comprises an L2TP session (the IETF developed the L2TP to allow 
the PPP to be tunneled over the Internet) (Loehndorf, col. 2, line 66 - col. 3, line 7). 

12. As to claim 9, Jacobson-Loehndorf teaches the method of claim 5, wherein 
said determining further comprises: 

issuing a tunnel ID request including domain site identifier and a virtual circuit 
identifier; and receiving a tunnel ID (the routing function of L2TP access payloads is 
performed on the L2TP tunnel information, which includes the L2TP tunnel ID and call 
ID with the proper IP and UDP source and destination addresses, i.e., the incoming call 
tunnel addressing "ICT" that the L2TP Access Concentrator "LAC" communicates the 
service provider that it wishes to use, by the tunnel that it chooses to send data over) 
(Loehndorf, col. 11, lines 10-55). 

1 3. As to claim 1 0, Jacobson-Loehndorf teaches the method of claim 9, wherein an 
AAA server services said tunnel ID request (Loehndorf, col. 2, lines 32-46). 

14. As to claim 11, Jacobson-Loehndorf teaches the method of claim 9, wherein 
said virtual circuit identifier comprises a VPINCI identifier (Loehndorf teaches that IP 
packets may be transported as AMT cells, wherein it is well-known in the art that each 
ATM cell contains 48 bytes payload and 5 bytes header containing virtual path identifier 
"VPI" and virtual channel identifier 'VC/ " fields, which defines a channel). 
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15. Claims 16-18 and 22-24 recite program storage device claims that contain 
substantially the same limitations as method claims 3-5 and 9-11; therefore, they are 
rejected under the same rationale. 

16. Claims 29-31 and 35-37 recite apparatus claims that contain substantially the 
same limitations as method claims 3-5 and 9-11; therefore, they are rejected under the 
same rationale. 

17. Claims 40 and 42-51 recite access server claims that contain substantially the 
same limitations as method claims 1 , 3-5 and 9-1 1 ; therefore, they are rejected under 
the same rationale. 



Allowable Subject Matter 



18. Claims 6-8, 12-13, 19-21, 25-26, 32-34, 38-39 and 41 are objected to as being 
dependent upon a rejected base claim, but would be allowable if rewritten in 
independent form including all of the limitations of the base claim and any intervening 
claims. 



19. Claims 52-71 are allowed. 
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Response to Arguments 

20. In the remarks, applicant argued in substance that 

(A) Prior Art does not teach, "authorizing subscriber access to said domain site 
on said second communication network upon determining, in response to said 
receiving, that said domain identifier is included in a list of authorized domain sites 
associated with a virtual circuit through which said communication is receiving", as 
recited in claim 1 . 

As to point (A), before addressing the argument, Examiner respectfully submits 
that the language of the limitation cited in the quotation "domain site identifier" can be 
given the broadest and reasonable interpretation in light of the specification as 
according to the Webopebia.com definition of "domain", wherein within the Internet, 
domains are defined by the IP address and all devices sharing a common part of the IP 
address are said to be in the same domain and according to the "Microsoft Computer 
Dictionary - Fifth Edition" definition of "domain name" - An address of a network 
connection that identifies the owner of that address in a hierarchical format: 
server. organization. type . 

Here, Jacobson teaches a method for controlling subscriber access in a network 
capable of establishing connections with a plurality of domains, i.e., domain sites, 
wherein the blocking controller 170 determines whether to block or authorize the 
connection based on the network access list 212 (Examiner respectfully submits that it's 
obvious to one having ordinary skill in the art that the network access list can contain a 
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plurality of network addresses such as IP addresses, URLs and/or domain names, i.e., 
domain site identifiers that are usually associated with network ports, channels, tunnels, 
links, paths via which the destination is requested to be accessed or connected). 

Jacobson also teaches each communication packet 114 includes a destination 
physical address 154, wherein the destination physical address 154 maybe the physical 
address of the gateway 106 of a subnet, hence, the destination physical address 154 
can be implemented as a domain name or a domain site identifier associated with a 
domain site on a communication network (Jacobson, col. 12, lines 33-59). 

Jacobson then teaches that the blocking controller determines whether the 
destination physical address 154 of the communication packet 114 in the connection 
information set, which is the network address of the destination, is in the network 
access list of plurality of network addresses; if it is, then the connection is to be allowed 
(i.e., authorizing subscriber access to said domain site of the domain site identifier is 
included in the list of authorized domain sites) (Jacobson, col. 18, lines 42-53). 

Hence, Prior Art does teach "authorizing subscriber access to said domain site 
on said second communication network upon determining, in response to said 
receiving, that said domain identifier is included in a list of authorized domain sites 
associated with a virtual circuit through which said communication is receiving", as 
recited in claim 1 . 

21. Applicant's arguments as well as request for reconsideration filed on 09/18/2006 
have been fully considered but they are not deemed to be persuasive. 
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22. A shortened statutory period for reply to this action is set to expire THREE (3) 
months from the mailing date of this communication. See 37 CFR 1.134. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Quang N. Nguyen whose telephone number is (571) 
272-3886. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
SPE, Rupal Dharia, can be reached at (571) 272-3880. The fax phone number for the 
organization is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




Quang N. Nguyen 
Patent Examiner 
All -2141 



